The SUP DCN User is a logical role that Unwired Platform uses to authorize any DCN event: updating data in the cache, executing an operation, or triggering a workflow package.
Before any DCN event is submitted, the person or group mapped to this role must be authenticated and authorized by the security configuration. By default, SUP DCN User is automatically available to all new security configurations. However, the underlying default varies depending on the environment in use.
Before this logical role can be used, SUP DCN User must be mapped to a physical role in the enterprise security repository, and the user who performs DCN must be in that physical role.
-
To map the SUP DCN User to a user in the underlying security repository, the user name must be first defined in Sybase Control Center as a physical role that is mappable. Then, SUP DCN User role can be mapped to a physical user or to a physical role from Sybase Control Center. For example, to map SUP DCN User to a user that is not in the security repository, use the format user:User.
If you are supporting multiple domains, the user name must also include the named security configuration for the package the DCN is targeted for, by appending
@DomainSecurityConfigName as a suffix to that name. Suppose you have two packages (PKG_A, PKG_B) deployed to two domains (Domain_A, Domain_B) respectively.
Further, assume that PKG_A in Domain_A has been assigned to the "admin" security configuration, whereas PKG_B in Domain_B has been assigned to the "alternateSecurityConfig" security configuration.
- A user doing DCN to PKG_A should identify him or herself as User@admin.
-
A user doing DCN to PKG_B should identify him or herself as User@alternateSecurityConfig.
If you are using ActiveDirectory, and are using e-mail addresses for user names, definitions appear as username@myaddress@DomainSecurityConfigName.
The implementation varies, depending on the DCN service used:
- For workflows, because the resource the user is pushing data toward is a group of named users (users authenticated previously successfully against a certain security configuration), he or she must have the authorization to push to that particular security configuration. The user must be mapped to SUP DCN User in the security configuration for the workflow target.
- A user having SUP DCN User logical role in security configuration "mySecConfig1"' must not have the right to push workflow DCN or regular DCN to a user or package associated with "mySecConfig2".